Vigil@nce: Python, several overflows
January 2009 by Vigil@nce
Several overflows of Python can lead to a denial of service or to
code execution.
– Gravity: 2/4
– Consequences: user access/rights, denial of service of service
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 4
– Creation date: 12/01/2009
IMPACTED PRODUCTS
– Mandriva Corporate
– Mandriva Linux
– Novell Linux Desktop
– Novell Open Enterprise Server
– OpenSUSE
– SUSE LINUX Enterprise Server
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
An attacker can create a malicious Python program or use special
data in order to generate several overflows.
An attacker can generate an integer overflow in the
audioop.ratecv() function. [grav:2/4]
An attacker can generate an integer overflow in the imageop.crop()
function. [grav:2/4; CVE-2008-4864]
An attacker can generate an integer overflow in the imageop.crop()
function, which is implemented in string_expandtabs() of
Objects/stringobject.c or unicode_expandtabs() of
Objects/unicodeobject.c. [grav:2/4; BID-33187, CVE-2008-5031]
An attacker can generate an integer overflow in the
rgbimagemodule.c file. [grav:2/4]
These overflows can, depending on the context, lead to denials of
service or to code execution.
CHARACTERISTICS
– Identifiers: BID-33187, CESA-2008-008, CVE-2008-4864,
CVE-2008-5031, MDVSA-2009:003, SUSE-SR:2009:001, VIGILANCE-VUL-8378
– Url: http://vigilance.fr/vulnerability/Python-several-overflows-8378